checking-session-security
Checking Session Security
Overview
This skill automates a review of an application's session management controls (session creation, storage and transport, cookie flags, rotation, expiration and invalidation) and produces a prioritized session security report with configuration and code fixes.
Prerequisites
Before using this skill, ensure:
- Source code accessible in {baseDir}/
- Session management code locations known (auth modules, middleware)
- Framework information (Express, Django, Spring, etc.)
- Configuration files for session settings
- Write permissions for security report in {baseDir}/security-reports/
Instructions
- Review session creation, storage, and transport security controls.
- Validate cookie flags, rotation, expiration, and invalidation behavior.
- Identify common attack paths (fixation, CSRF, replay) and mitigations.
- Provide prioritized fixes with configuration/code examples.
See {baseDir}/references/implementation.md for a detailed implementation guide.
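As an added example for the cookie-flag, expiration and rotation checks in step 2 (not code from the skill or its references), the following audits an express-session options object and shows the login-time ID rotation that closes the fixation path named in step 3. Both configuration objects and the secret value are constructed samples; `auditSessionConfig` and `onLogin` are hypothetical helper names.

```javascript
// Added example, not part of the skill: audit an express-session options
// object for the step-2 checks (cookie flags, expiration, fixation hygiene).
// Both configs are constructed samples; the secret is a placeholder.
const weakConfig = {
  secret: 'keyboard cat',          // short, well-known example secret
  resave: false,
  saveUninitialized: true,         // creates a session for every anonymous visitor
  cookie: {},                      // library defaults: secure=false, no maxAge, no sameSite
};

const hardenedConfig = {
  name: 'sid',                     // drop the default 'connect.sid' name
  secret: 'constructed-placeholder-secret-do-not-use-0000', // load from a secret store in practice
  resave: false,
  saveUninitialized: false,        // no session state until authentication
  cookie: {
    httpOnly: true,                // not readable from script
    secure: true,                  // sent only over TLS
    sameSite: 'strict',            // not attached to cross-site requests
    maxAge: 30 * 60 * 1000,        // 30-minute absolute lifetime
  },
};

// Returns findings as { severity, issue, fix }; an empty array means no gaps found.
function auditSessionConfig(cfg) {
  const c = cfg.cookie || {};
  const findings = [];
  const add = (severity, issue, fix) => findings.push({ severity, issue, fix });
  if (c.httpOnly === false) add('high', 'cookie.httpOnly disabled', 'set cookie.httpOnly: true');
  if (c.secure !== true) add('high', 'cookie.secure not set', 'set cookie.secure: true (behind TLS)');
  if (!['strict', 'lax', true].includes(c.sameSite)) add('medium', 'cookie.sameSite missing or none', "set cookie.sameSite: 'strict' or 'lax'");
  if (!Number.isFinite(c.maxAge) || c.maxAge > 24 * 60 * 60 * 1000) add('medium', 'no bounded cookie.maxAge', 'set an absolute lifetime (e.g. 30 minutes)');
  if (cfg.saveUninitialized !== false) add('low', 'saveUninitialized enabled', 'set saveUninitialized: false');
  if (!cfg.name || cfg.name === 'connect.sid') add('low', 'default cookie name', 'set name to a neutral value');
  if (typeof cfg.secret !== 'string' || cfg.secret.length < 32) add('high', 'weak or missing secret', 'use a random secret of at least 32 characters');
  return findings;
}

// Rotation check from step 2: mint a new session ID at login so an ID fixed
// before authentication is never promoted to an authenticated session.
function onLogin(req, user, done) {
  req.session.regenerate((err) => {
    if (err) return done(err);
    req.session.userId = user.id;
    req.session.save(done);
  });
}
```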
Output
The skill produces:
Primary Output: Session security report saved to {baseDir}/security-reports/session-security-YYYYMMDD.md
Report Structure:
Session Security Analysis Report
Analysis Date: 2024-01-15
Application: Web Portal
Framework: Express.js
Error Handling
See {baseDir}/references/errors.md for comprehensive error handling.
Examples
See {baseDir}/references/examples.md for detailed examples.
Resources
- Session Management Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
- OWASP Top 10 - Broken Authentication: https://owasp.org/www-project-top-ten/
- NIST 800-63B Authentication: https://pages.nist.gov/800-63-3/sp800-63b.html
- PCI-DSS Session Requirements: https://www.pcisecuritystandards.org/
- Express.js Session Security: https://expressjs.com/en/advanced/best-practice-security.html